TestOut Security Pro Chapter 8-11, TestOut Security Pro Chapters 10 & 11
10.1.5 Allow SSL Connections You are the IT security administrator for a small corporate network. You currently run a website on the CorpWeb server. You want to allow SSL connections to this website. In this lab, your task is to add a binding to the CorpNet website using the following settings: Website: www.corpnet.xyz Protocol: HTTPS Port: 443 SSL certificate: www.corpnet.xyz
10.1.5 Complete this lab as follows: Open the IIS Manager to the CorpNet.xyz site. From the Server Manager's menu bar, select Tools > Internet Information Services (IIS) Manager. Expand CorpWeb(CorpNet.com\Administrator) > Sites. Select CorpNet.xyz. Add a binding to the CorpNet website. From the Actions pane (far right), select Bindings. Select Add. Using the Type drop-down menu, select HTTPS. Make sure the port is set to 443. Using the SSL certificate drop-down menu, select www.CorpNet.xyz and then select OK. Select Close.
10.2.3
10.2.3
10.4.14
10.4.14
11.1.4
11.1.4
11.2.9
11.2.9
11.3.6
11.3.6
11.4.12
11.4.12
11.5.4
11.5.4
11.6.1.
11.6.12
11.7.8
11.7.8
What is the minimum number of users needed in a Windows Enterprise agreement for Intune to be included?
500
8.1.6
8.1.6
8.2.7
8.2.7
8.3.10
8.3.10
You need to configure a wireless network using WPA2-Enterprise. Which of the following components should be part of your design? (Select two.)
802.1x AES encryption
9.1.8
9.1.8
9.2.7
9.2.7
9.3.4
9.3.4
9.4.6
9.4.6
9.5.6
9.5.6
9.6.7
9.6.7
9.7.7
9.7.7
9.8.7
9.8.7
9.9.6
9.9.6
Which of the following cloud storage access services acts as a gatekeeper, extending an organization's security policies into the cloud storage infrastructure?
A cloud-access security broker
Which of the following are disadvantages of server virtualization?
A compromised host system might affect multiple servers.
Which of the following describes a man-in-the-middle attack?
A false server intercepts communications from a client by impersonating the intended server.
Users in the sales department perform many of their daily tasks, such as emailing and creating sales presentations, on their personal tablets. The chief information officer worries that one of these users might also use their tablet to steal sensitive information from the organization's network. Your job is to implement a solution that prevents insiders from accessing sensitive information stored on the organization's network from their personal devices while still giving them access to the internet. Which of the following should you implement?
A guest wireless network that is isolated from your organization's production network
Users in the sales department perform many of their daily tasks, such as emailing and creating sales presentations, on company-owned tablets. These tablets contain sensitive information. If one of these tablets is lost or stolen, this information could end up in the wrong hands. The chief information officer wants you to implement a solution that can be used to keep sensitive information from getting into the wrong hands if a device is lost or stolen. Which of the following should you implement?
A mobile device management (MDM) infrastructure
Which of the following accurately describes what a protocol analyzer is used for? (Select two.)
A passive device that is used to copy frames and allow you to view frame contents. A device that does NOT allow you to capture, modify, and retransmit frames (to perform an attack).
In a variation of the brute force attack, an attacker may use a predefined list of common usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?
A strong password policy
Which of the following could be an example of a malicious insider attack?
A user uses the built-in microphone to record conversations.
Which of the following attacks tries to associate an incorrect MAC address with a known IP address?
ARP poisoning
Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on a network?
ARP poisoning
Which of the following is a policy that defines appropriate and inappropriate usage of company resources, assets, and communications?
Acceptable use policy (AUP)
8.3.6 8.3.6 Harden a Wireless Network You are a network technician for a small corporate network. You need to increase the security of your wireless network. Your new wireless controller provides several security features that you want to implement. Access the Wireless Controller console through Chrome on http://192.168.0.6 with the username admin and the password password. The username and password are case sensitive. In this lab, your task is to: Change the admin username and password for the Zone Director controller to the following: Admin Name: WxAdmin Password: ZDAdminsOnly!$ (O is the capital letter O) Set up MAC address filtering (L2 Access Control) to create a whitelist called Allowed Devices that includes the following wireless devices: 00:18:DE:01:34:67 00:18:DE:22:55:99 00:02:2D:23:56:89 00:02:2D:44:66:88 Implement a device access policy called NoGames that blocks gaming consoles from the wireless network.
Access the Ruckus zone controller. From the taskbar, select Google Chrome. In the URL field, enter 192.168.0.6 and press Enter. Maximize the window for easier viewing. Log in to the wireless controller console. In the Admin field, enter admin (case sensitive). In the Password field, enter password as the password. Select Login. Change the admin username and password for the Zone Director controller. From the top, select the Administer tab. Make sure Authenticate using the admin name and password is selected. In the Admin Name field, enter WxAdmin. In the Current Password field, enter password. In the New Password field, enter ZDAdminsOnly!$. In the Confirm New Password field, enter ZDAdminsOnly!$. On the right, select Apply. Enable MAC address filtering. From the top, select the Configure tab. From the left menu, select Access Control. Expand L2-L7 Access Control. Under L2/MAC address Access Control, select Create New. In the Name field, enter Allowed Devices. Under Restriction, make sure Only allow all stations listed below is selected. Enter a MAC address. Select Create New. Repeat step 4g-4h for each MAC address you would like to add to the ACL. Select OK. Configure access controls. Under Access Control, expand Device Access Policy. Select Create New. In the Name field, enter NoGames. Select Create New. In the Description field, enter Games. Using the OS/Type drop-down list, select Gaming. In the Type field, select Deny. Under Uplink, make sure Disabled is selected. Under Downlink, make sure Disabled is selected. Select OK
Which type of RFID tag can send a signal over a long distance?
Active
Which of the following is the first phase of the Microsoft Intune application life cycle?
Add
Which of the following strategies can protect against a rainbow table password attack?
Add random bits to the password before hashing takes place
Which application development model approaches software development as a continuous, changing process with never-ending versions, bug fixes, and enhancements?
Agile
Which of the following BEST describes the Physical SDN layer?
Also known as the Infrastructure layer.
Which of the following best describes an evil twin?
An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information.
Which of the following defines an acceptable use agreement?
An agreement that identifies employees' rights to use company property, such as internet access and computer equipment, for personal use.
You are concerned about protecting your network from network-based attacks on the internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections. Which type of device should you use?
Anomaly-based IDS
What is the most common form of host-based IDS that employs signature or pattern-matching detection methods?
Antivirus software
Which of the following app deployment and update methods can be configured to make available to specific users and groups only the apps that they have rights to access?
App catalog
Your organization recently purchased 20 Android tablets for use by the organization's management team. To increase the security of these devices, you want to ensure that only specific apps can be installed. Which of the following would you implement?
App whitelisting
Which SDN layer would a load balancer that stops and starts VMs as resource use increases reside on?
Application
Which type of firewall operates at Layer 7 of the OSI model?
Application layer
Which of the following is an open-source hardware and software company that designs and manufactures single-board microcontrollers as well as kits to build digital devices?
Arduino
Which of the following activities are typically associated with a penetration test?
Attempt social engineering.
You have been hired as part of the team that manages an organization's network defense. Which security team are you working on?
Blue
Which of the following sends unsolicited business cards and messages to a Bluetooth device?
Bluejacking
You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found. Which of the following technical password attacks are you using?
Brute force attack
Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?
Buffer overflow attack
Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle?
Buffer overflow attack
Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target?
Buffer overflow attack
As part of a special program, you have discovered a vulnerability in an organization's website and reported it to the organization. Because of the severity, you are paid a good amount of money. Which type of penetration test are you performing?
Bug bounty
Which device deployment model gives businesses significant control over device security while allowing employees to use their devices to access both corporate and personal data?
COPE
Which of the following are network-sniffing tools?
Cain and Abel, Ettercap, and TCPDump
You are using a protocol analyzer to capture network traffic. You want to only capture the frames coming from a specific IP address. Which of the following can you use to simplify this process?
Capture filters
You've just finished installing a wireless access point for a client. What should you do to prevent unauthorized users from using the access point (AP) configuration utility?
Change the administrative password on the AP.
You are concerned that wireless access points may have been deployed within your organization without authorization. What should you do? (Select two. Each response is a complete solution.)
Check the MAC addresses of devices connected to your wired switch. Conduct a site survey.
Which of the following provides the network virtualization solution called XenServer?
Citrix
What is the on-premises, cloud-based software tool that sits between an organization and a cloud service provider called?
Cloud-access security broker
Which of the following can provide the most specific protection and monitoring capabilities?
Cloud-access security broker
Which of the following is a network device that is deployed in the cloud to protect against unwanted access to a private network?
Cloud-based firewall
You have just finished developing a new application. Before putting it on the website for users to download, you want to provide a checksum to verify that the object has not been modified. Which of the following would you implement?
Code signing
Which of the following are the two main causes of software vulnerabilities? (Select two.)
Coding errors Design flaws
Which SIEM component is responsible for gathering all event logs from configured devices and securely sending them to the SIEM system?
Collectors
Which of the following BEST describes the Application SDN layer?
Communicates with the Control layer through the northbound interface.
A group of small local businesses have joined together to share access to a cloud-based payment system. Which type of cloud is MOST likely being implemented?
Community
Which of the following Intune portals is used by end users to manage their own account and enroll devices?
Company portal
What does an IDS that uses signature recognition use to identify attacks?
Comparisons to known attack patterns
11.4.7 Scan for Windows Vulnerabilities You are the IT security administrator for a small corporate network. You are performing vulnerability scans on your network. Mary is the primary administrator for the network and the only person authorized to perform local administrative actions. The company network security policy requires complex passwords for all users. It is also required that Windows Firewall is enabled on all workstations. Sharing personal files is not allowed. In this lab, your task is to: Run a vulnerability scan for the Office2 workstation using the Security Evaluator. A shortcut is located on the taskbar. Remediate the vulnerabilities found in the vulnerability report for Office2. Re-run a vulnerability scan to make sure all of the issues are resolved.
Complete this lab as follows. Run a Security Evaluator report.From the taskbar, open Security Evaluator.Next to Target Local Machine, select the Target icon to select a new target.Select Workstation.From the Workstation drop-down list, select Office2 as the target.Select OK.Next to Status, select the Run/Rerun Security Evaluation icon.Review the results to determine which issues you need to resolve on Office2. Access local users using Office2's Computer Management console.From the top navigation tabs, select Floor 1.Under Office 2, select Office2.From Office2, right-click Start and select Computer Management.Expand and select Local Users and Groups > Users. Rename a user account.Right-click Administrator and select Rename.Enter a new name of your choice and press Enter. Disable the Guest account.Right-click Guest and select Properties.Select Account is disabled and then select OK. Set a new password for Mary.Right-click Mary and select Set Password.Select Proceed.Enter a new password of your choice (12 characters or more).Confirm the new password and then select OK.Select OK.Ideally, you should have created a policy that requires passwords with 12 characters or more. Configure Mary's password to expire and to change at next logon.Right-click Mary and select Properties.Clear Password never expires.Select User must change password at next logon and then select OK. Unlock Susan's account and remove her from the Administrators group.Right-click Susan and select Properties.Clear Account is locked out and then select Apply.Select the Member of tab.Select Administrators.Select Remove.Select OK.Close Computer Management. Enable Windows Firewall for all profiles.Right-click Start and then select Settings.Select Network & Internet.From the right pane, scroll down and select Windows Firewall.Under Domain network, select Turn on.Under Private network, select Turn on.Under Public network, select Turn on.Close all open Windows. Remove a file share.From the taskbar, select File Explorer.From the left pane, select This PC.From the right pane, double-click Local Disk (C:).Right-click MyMusic and select Properties.Select the Sharing tab.Select Advanced Sharing.Clear Share this folder.Select OK.Select OK. Use the Security Evaluator feature to verify that all of the issues on the ITAdmin computer were resolved.From the top navigation tabs, select Floor 1.Under IT Administration, select ITAdmin.From Security Evaluator, select the Run/Rerun Security Evaluation icon to rerun the security evaluation.If you still see unresolved issues, select Floor 1, navigate to the Office2 workstation and remediate any remaining issues.
8.3.9 You have been hired by a small hotel to configure how their guests access the internet. You have chosen to use pfSense's captive portal feature. Guests must pass through this portal to access the internet. In this lab, your task is to: Access the pfSense management console: Username: admin Password: P@ssw0rd (zero) Add a captive portal zone named Guest_WiFi Use the description Zone used for the guest Wi-Fi Using the GuestWi-Fi interface, configure your portal as follows: Allow a maximum of 100 concurrent connections. Disconnect user from the internet if their connection is inactive for 30 minutes. Disconnect user from the internet after two hours regardless of their activity. Limit user's download and upload to 8000 and 2500 Kbit/s, respectively. Force to pass through your portal prior to authentication. Allow the following MAC and IP address to pass through the portal: MAC: 00:00:1B:12:34:56 IP: 198.28.1.100/16 Give the IP address the description Admin's Laptop
Complete this lab as follows: 1. Sign into the pfSense management console. a. In the Username field, enter admin. b. In the Password field, enter P@ssw0rd (zero). c. Select SIGN IN or press Enter. 2. Add a captive portal zone. a. From the pfSense menu bar, select Services > Captive Portal. b. Select Add. c. For Zone name, enter Guest_WiFi. d. For Zone description, enter Zone used for the guest Wi-Fi. e. Select Save & Continue. 3. Enable and configure the captive portal. a. Under Captive Portal Configuration, select Enable. b. For Interfaces, select GuestWi-Fi. c. For Maximum concurrent connections, select 100. d. For Idle timeout, enter 30. e. For Hard timeout, enter 120. f. Scroll down and select Per-user bandwidth restriction. g. For Default download (Kbit/s), enter 8000. h. For Default upload (Kbit/s), enter 2500. i. Under Authentication, use the drop-down menu to select None, don't authenticate users. j. Scroll to the bottom and select Save. 4. Allow a MAC address to pass through the portal. a. From the Captive Portal page, select the Edit Zone icon (pencil). b. Under the Services breadcrumb, select MACs. c. Select Add. d. Make sure the Action field is set to Pass. e. For Mac Address, enter 00:00:1B:12:34:56. f. Select Save. 5. Allow an IP address to pass through the portal. a. Under the Services breadcrumb, select Allowed IP Addresses. b. Select Add. c. For IP Address, enter 198.28.1.100. d. Use the IP address drop-down menu to select 16. This sets the subnet mask to 255.255.0.0. e. For the Description field, enter Admin's Laptop. f. Make sure Direction is set to Both. g. Select Save.
9.8.7 You are a network technician for a small corporate network. You need to enable BYOD Guest Access Services on your network for guests and employees that have mobile phones, tablets, and personal computers. In this lab, your task is to perform the following: Access the Wireless Controller console through Google Chrome on http://192.168.0.6. Username: admin (case sensitive) password: password Set up Guest Access Services using the following parameters: Name: Guest_BYOD Authentication: Use guest pass authentication The guest should be presented with your terms of use statement and then allowed to go to the URL he or she was trying to access. Verify that 192.168.0.0/16 is on the list of restricted subnets. Create a guest WLAN using the following parameters: Network name: Guest ESSID: Guest_BYOD Type: Guest Access Authentication: Open Encryption Method: None Guest Access Service: Guest_BYOD Isolate guest wireless clients from other clients on the access point. Open a new Google Chrome window and request a guest pass using the BYODAdmin user as follows: URL: 192.168.0.6/guestpass Username: BYODAdmin (case sensitive) Password: P@ssw0rd (0 is a zero) Use any full name in the Full Name field. Make a note of or copy and paste the key in the Key field. Use the key from the guest pass request to authenticate to the wireless LAN Guest_BYOD from the Gst-Lap laptop computer in the Lobby.
Complete this lab as follows: Access and log into the Ruckus ZoneDirector. From the taskbar, select Google Chrome. In the URL field, enter 192.168.0.6 and then press Enter. Maximize the window for easier viewing. In the Admin field, enter admin (case sensitive). In the Password field, enter password as the password. Select Login. Set up Guest Access Services. Select the Configure tab. From the left menu, select Guest Access. Under Guest Access Service, select Create New. Change the Name field to Guest_BYOD. For Terms of Use, select Show terms of use. Expand Restricted Subnet Access. Verify that 192.168.0.0/16 is listed. Select OK. Create a Guest WLAN. From the left menu, select WLANs. Under WLANs, select Create New. Change the Name to Guest. Change the ESSID to Guest_BYOD. Under Type, select Guest Access. For Wireless Client Isolation, select Isolate wireless client traffic from other clients on the same AP. Select OK. Close Google Chrome. Request a Guest password. Open a new Google Chrome browser window. In the URL field, enter 192.168.0.6/guestpass and then press Enter. Maximize the window for easier viewing. In the Username field, enter BYODAdmin (case sensitive). Enter P@ssw0rd as the password (0 is a zero). Select Log In. In the Full Name field, enter any full name. In the Key field, highlight the key and press Ctrl + C to copy the key. Select Next. Access the wireless Guest Access Service from the guest laptop in the lobby. From the top menu, select Floor 1. Select Gst-Lap in the lobby. In the notification area, select the Network icon. Select Guest_BYOD. Select Connect. Select Yes. After Internet Explorer opens to the Guest Access login page, paste the key from the Key field. Select Log In.
You are the IT security administrator for a small corporate network. You are increasing network security by implementing application whitelisting. Your first step is to prevent applications not located in the operating system directory or the program files directory from running on your computers. In addition, the call center application used by the support team runs from C:\CallCenter\CallStart.exe and must be allowed to run. You also want any future versions of the call center application to run without changing any settings. In this lab, your task is to configure AppLocker in the default domain policy as follows: Create the default rules.Allow all files located in the Program Files folder.Allow all files located in the Windows folder. Configure a publisher rule that will allow future updates from the same vendor. Allow the Support group to run the call center software found in C:\CallCenter\CallStart.exe.
Complete this lab as follows: Access the CorpNet.local domain under Group Policy Management.From Server Manager's menu bar, select Tools > Group Policy Management.Maximize the window for better viewing.Expand Forest: CorpNet.local > Domains > CorpNet.local. Access the AppLocker policy.Right-click Default Domain Policy and select Edit.Maximize the window for better viewing.Under Computer Configuration, expand and select:Policies > Windows Settings > Security Settings > Application Control Policies > AppLocker. Configure rule enforcement.From the right pane, select Configure rule enforcement.Under Executable rules, select Configured.Make sure Enforce rules is selected in the drop-down list.Select OK. Configure a Publisher rule and allow the Support group to run the call center software.From the left pane, expand AppLocker.Right-click Executable Rules and then select Create New Rule.Select Next.Make sure Allow is selected.For User or group, click Select.In the Enter the object names to select box, type Support and then select OK.Select Next.Make sure Publisher is selected; then select Next.For the Reference file, select Browse.Browse to and select the C:\CallCenter\CallStart.exe file.Select Open.Slide the pointer from File version to Publisher and then select Next.Select Next.Accept the default name and select Create.Select Yes to create the default rules.Notice that the Publisher rule was created.
You are a network technician for a small corporate network. You want to take advantage of the self-healing features provided by the small enterprise wireless solution you've implemented. You're already logged in as WxAdmin on the Wireless Controller console from ITAdmin. In this lab, your task is to: Configure self-healing on the wireless network. Automatically adjust AP radio power to optimize coverage when interference is present. Set 2.4 GHz and 5 GHz radio channels to use the Background Scanning method to adjust for interference. Configure the background scanning needed for rogue device detection, AP locationing, and self-healing. Background scans should be performed on all radios every 30 seconds. Configure load balancing for all radios by adjusting the threshold to 40 dB. Configure band balancing to allow no more than 30% of clients to use the 2.4 GHz radios. Reduce the power levels to -3 dB for three access points in Building A to reduce RF emanations. Use the wireless survey results in the exhibit to identify the access points.
Complete this lab as follows: Configure self-healing. From the top, select the Configure tab. From the left menu, select Services. Under Self-Healing, select Automatically adjust AP radio power to optimize coverage when interference is present. Using the Automatically adjust 2.4GHz channels using drop-down menu, select Background Scanning from the drop-down menu. Using the Automatically adjust 5GHz channels using drop-down menu, select Background Scanning from the drop-down menu. On the right, select Apply. Configure background scanning. Select Run a background scan on 2.4GHz radio. Enter 30 seconds. Select Run a background scan on 5GHz radio. Enter 30 seconds. On the right, select Apply. Configure load balancing. Select Run load balancing on 2.4GHz radio. In the Adjacent radio threshold(dB) field, enter 40. Select Run load balancing on 5GHz radio. In the Adjacent radio threshold(dB) field, enter 40. On the right, select Apply. Configure band balancing. Select Percent of clients on 2.4GHz radio. Enter the 30. On the right, select Apply. Adjust the AP power level. From the left menu, select Access Points. From the top right, select Exhibit to determine which access points to adjust. Select Edit next to the access point to be modified. Under Radio B/G/N(2.4G) next to TX Power, make sure Override Group Config is selected. From the TX Power drop-down list, select -3dB (1/2). Under Radio A/N/AC(5G) next to TX Power, make sure Override Group Config is selected. From the TX Power drop-down list, select -3dB (1/2). Select OK.
11.7.4 Crack Password with Rainbow Tables A recent breach of a popular 3rd party service has exposed a password database. The security team is evaluating the risk of the exposed passwords for the company. The password hashes are saved in the root user's home directory, /root/captured_hashes.txt. You want to attempt to hack these passwords using a rainbow table. The password requirements for your company are as follows: The password must be 12 or more characters in length. The password must include at least one uppercase and one lowercase letter. The password must have at least one of these special characters: !, ", #, $, %, &, _, ', *, or @. All passwords are encrypted using a hash algorithm of either md5 or sha1. In this lab, your task is to: Create md5 and sha1 rainbow tables using rtgen. Sort the rainbow tables using rtsort. Crack the hashes using rcrack. You must run rcrack on an individual hash and run it on the hash file. Answer the question. The type of charset that can be used to create a rainbow table is stored in the /usr/share/rainbowcrack/charset.txt file. This file can be viewed using the cat command.
Complete this lab as follows: Create and sort an md5 and sha1 rainbow crack table. From the Favorites bar, select Terminal. At the prompt, type rtgen md5 ascii-32-95 1 20 0 1000 1000 0 and press Enter to create a md5 rainbow crack table. Type rtgen sha1 ascii-32-95 1 20 0 1000 1000 0 and press Enter to create a sha1 rainbow crack table. Type rtsort . and press Enter to sort the rainbow table. Crack the password hashes. To crack the password contained in a hash file, type rcrack . -l /root/captured_hashes.txt and press Enter. To crack the password contained in a hash, type rcrack . -h hash_value and press Enter. Repeat step 2b for the remaining hashes. Answer the questions. In the top right, select Answer Questions. Answer the questions. Select Score Lab.
11.4.11 Scan for WAP Vulnerabilities You are the IT security administrator for a small corporate network. You perform vulnerability scans on your network. You need to verify the security of your wireless network and your Ruckus wireless access controller. In this lab, your task is to: Run a vulnerability scan for the wireless access controller 192.168.0.6 using Security Evaluator, which is accessible from the taskbar. Remediate the vulnerabilities found in the vulnerability report for the wireless access controller.New admin name: your choiceNew password: your choiceEnable reporting of rogue devices for intrusion prevention. Rerun a vulnerability scan to make sure all of the issues are resolved. Access the wireless controller console through Google Chrome on http://192.168.0.6 with the admin name admin and the password password. The username and password are case-sensitive.
Complete this lab as follows: Run a Security Evaluator report.From the taskbar, select Security Evaluator.Next to Target: Local Machine, select the Target icon to select a new target.Select IPv4 Address.Enter 192.168.0.6 for the wireless access controller.Select OK.Next to Status No Results, select the Status Run/Rerun Security Evaluation icon to run the security evaluation.Review the results to determine which issues you need to resolve on the wireless access controller. Use Google Chrome to go into the Ruckus wireless access controller.From the taskbar, open Google Chrome.Maximize Google Chrome for easier viewing.In the address bar, type 192.168.0.6 and press Enter.For Admin name, enter admin (case-sensitive).For Password, enter password.Select Login. Change the admin username and password for the Ruckus wireless access controller.Select the Administer tab.Make sure Authenticate using the admin name and password is selected.In the Admin Name field, replace admin with a username of your choice.In the Current Password field, enter password.In the New Password field, enter a password of you choice.In the Confirm New Password field, enter the new password.On the right, select Apply. Enable intrusion detection and prevention.Select the Configure tab.On the left, select WIPS.Under Intrusion Detection and Prevention, select Enable report rogue devices.On the right, select Apply. Verify that all the issues were resolved using the Security Evaluator.From the taskbar, select Security Evaluator.Next to Status Needs Attention, select the Status Run/Rerun Security Evaluation icon to re-run the security evaluation.Remediate any remaining issues.
11.3.5 Implement Intrusion Prevention You work as the IT security administrator for a small corporate network. In an effort to protect your network against security threats and hackers, you have added Snort to pfSense. With Snort already installed, you need to configure rules and settings and then assign Snort to the desired interface. In this lab, your task is to use pfSense's Snort to complete the following: Sign into pfSense using the following:Username: adminPassword: P@ssw0rd (zero) Enable the downloading of the following:Snort free registered User rulesOinkmaster Code: 359d00c0e75a37a4dbd70757745c5c5dg85aaSnort GPLv2 Community rulesEmerging Threats Open rulesSourcefire OpenAppID detectorsAPPID Open rules Configure rule updates to happen once a day at 1:00 a.m.Hide any deprecated rules. Block offending hosts for 1 hour. Send all alerts to the system log when the Snort starts and stops. Assign Snort to the WAN interface using a description of WANSnort.Include:Sending alerts to the system logAutomatically blocking hosts that generate a Snort alert Start Snort on the WAN interface.
Complete this lab as follows: Sign into the pfSense management console.In the Username field, enter admin.In the Password field, enter P@ssw0rd (zero).Select SIGN IN or press Enter. Access the Snort Global Settings.From the pfSense menu bar, select Services > Snort.Under the Services breadcrumb, select Global Settings. Configure the required rules to be downloaded.Select Enable Snort VRT.In the Sort Oinkmaster Code field, enter 359d00c0e75a37a4dbd70757745c5c5dg85aa. You can copy and paste this from the scenario.Select Enable Snort GPLv2.Select Enable ET Open. Configure the Sourcefire OpenAppID Detectors to be downloaded.Under Sourcefire OpenAppID Detectors, select Enable OpenAppID.Select Enable RULES OpenAppID. Configure when and how often the rules will be updated.Under Rules Update Settings, use the Update Interval drop-down menu to select 1 Day.For Update Start Time, change to 01:00.Select Hide Deprecated Rules Categories. Configure Snort General Settings.Under General Settings, use the Remove Blocked Hosts Interval drop-down menu to select 1 HOUR.Select Startup/Shutdown Logging.Select Save. Configure the Snort Interface settings for the WAN interface.Under the Services breadcrumb, select Snort Interfaces and then select Add.Under General Settings, make sure Enable interface is selected.For Interface, use the drop-down menu to select WAN (PFSense port 1).For Description, use WANSnort.
11.6.8 Analyze a SYN Flood Attack You are the CorpNet IT administrator. Your support team says that CorpNet's customers are unable to browse to the public-facing web server. You suspect that it might be under some sort of denial-of-service attack, possibly a TCP-SYN flood attack. Your www_stage computer is on the same network segment as your web server, so you should use this computer to investigate the problem. In this lab, your task is to: Capture packets from the network segment on www_stage using Wireshark. Use the enp2s0 interface. Analyze the attack using the following filters: tcp.flags.syn==1 and tcp.flags.ack==1 tcp.flags.syn==1 and tcp.flags.ack==0 Answer the question.
Complete this lab as follows: Using Wireshark, only capture packets containing both the SYN flag and ACK flags. From the Favorites bar, select Wireshark. Under Capture, select enp2s0. From the menu, select the blue fin to begin the capture. In the Apply a display filter field, type tcp.flags.syn==1 and tcp.flags.ack==1 and press Enter to filter Wireshark to display only those packets with both the SYN flag and ACK flag.You may have to wait up to a minute before any SYN-ACK packets are captured and displayed. Select the red square to stop the capture. Change the filter to only display packets with the SYN flag. In the Apply a display filter field, change the tcp.flags.ack ending from the number 1 to the number 0 and press Enter.Notice that there are a flood of SYN packets being sent to 198.28.1.1 (www.corpnet.xyz) that are not being acknowledged. In the top right, select Answer Questions. Answer the question. Select Score Lab. Correct answer: There are multiple source addresses for the SYN packets with the destination address 128.28.1.1.
9.8.4 9.8.4 Secure an iPad You work as the IT security administrator for a small corporate network. The receptionist uses an iPad to manage employees' schedules and messages. You need to help her secure the iPad because it contains all of the employees' personal information. In this lab, your task is to: View the current iOS version and then answer the applicable question. Apply the latest software update and then answer the applicable question. Configure Auto-Lock with a five-minute delay. Configure Passcode Lock using a passcode of C@sp3r Require the passcode after five minutes. Configure Data Erase to wipe all data after 10 failed passcode attempts. Require unknown networks to be added manually. Turn off Bluetooth.
Complete this lab as follows: Verify the current version of iOS installed on your iPad. Select Settings. From the Settings pane, select General. From the General pane, select About. In the top right, select Answer Questions. Answer Question 1. 11.4 Leave the question dialog open. Apply the latest software update. From the About pane's heading, select General. This returns you to the General settings. From the General pane, select Software Update. Select Download and Install. Select Agree. Select OK. The software is downloaded. Select Install. The installation automatically starts after 10 seconds. Slide the arrow to the right to unlock the iPad. Answer Question 2 11.4.1 and then minimize the question dialog. Configure Auto-Lock. From the Settings pane, select Display & Brightness. From the right pane, select Auto-Lock and then select 5 minutes. Configure Complex Passcode Lock and Data Erase. From the left menu, select Touch ID & Passcode. From the right pane, select Turn Passcode On. Enter the new passcode of C@sp3r Select Next. Re-enter C@sp3r. Select Done. Scroll down and then slide Erase Data to ON. Select Enable. Select Require Passcode. Select After 5 minutes. Require unknown networks to be manually added. From the left menu, select Wi-Fi. Slide Ask to Join Networks to OFF. Turn off Bluetooth as follows: From the left pane, select Bluetooth. Slide Bluetooth to OFF. In the top right, select Answer Questions. Select Score Lab.
You are replacing a wired business network with an 802.11g wireless network. You currently use Active Directory on the company network as your directory service. The new wireless network has multiple wireless access points, and you want to use WPA2 on the network. What should you do to configure the wireless network? (Select two.)
Configure devices to run in infrastructure mode Install a RADIUS server and use 802.1x authentication
You want to connect a laptop computer running Windows to a wireless network. The wireless network uses multiple access points and WPA2-Personal. You want to use the strongest authentication and encryption possible. SSID broadcast has been disabled. What should you do?
Configure the connection with a pre-shared key and AES encryption.
You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation. Which of the following must you configure in order to see all of the network traffic?
Configure the network interface to use promiscuous mode.
You are an application developer. You use a hypervisor with multiple virtual machines installed to test your applications on various operating systems' versions and editions. Currently, all of your virtual machines used for testing are connected to the production network through the hypervisor's network interface. However, you are concerned that the latest application you are working on could adversely impact other network hosts if errors exist in the code. To prevent issues, you decide to isolate the virtual machines from the production network. However, they still need to be able to communicate directly with each other. What should you do? (Select two. Both responses are part of the complete solution.)
Connect the virtual network interfaces in the virtual machines to the virtual switch. Create a new virtual switch configured for host-only (internal) networking.
Which of the following are true concerning virtual desktop infrastructure (VDI)? (Select two.)
Correct Answer: In the event of a widespread malware infection, the administrator can quickly reimage all user desktops on a few central servers. User desktop environments are centrally hosted on servers instead of on individual desktop systems.
What is the primary function of the IKE Protocol used with IPsec?
Create a security association between communicating partners.
A security administrator logs onto a Windows server on her organization's network. Then she runs a vulnerability scan on that server. Which type of scan was conducted in this scenario?
Credentialed scan
An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. Which kind of exploit has been used in this scenario?
DNS poisoning
Which type of denial-of-service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?
DNS poisoning
While using the internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, the browser displays a completely different website. When you use the IP address of the web server, the correct site is displayed. Which type of attack has likely occurred?
DNS poisoning
Which rights management category is applied to music, videos, and software that is sold to consumers?
DRM
Which of the following is a technology that tries to detect and stop sensitive data breaches, or data leakage incidents, in an organization?
Data loss prevention
10.3.10 Clear the Browser Cache You use Google Chrome as your web browser on the desktop computer in your dorm room. You are concerned about privacy and security while surfing the web. You are also concerned about exploits that harvest data from your Google Chrome browsing history. In this lab, your task is to delete the following items from your Google Chrome browser history for all time: Browsing history Download history Cookies and other site data Cached images and files Hosted app data
Delete all items from your Google Chrome history. From the Windows taskbar, select Google Chrome. In the upper right, select the ellipsis (three dots) and then select History > History. Maximize the window for easier viewing. Select Clear browsing data. Select Advanced. For the Time range field, use the drop-down menu to select All time. Make sure the following items are checked: Browsing history Download history Cookies and other site data Cached images and files Hosted app data
In which phase of the Microsoft Intune application life cycle would you assign an app to users and/or devices you manage and monitor them on the Azure portal?
Deploy
Why do attackers prefer to conduct distributed network attacks in static environments? (Select two.)
Devices are typically more difficult to monitor than traditional network devices. Devices tend to employ much weaker security than traditional network devices.
Cloud storage is a virtual service, so the infrastructure is the responsibility of the storage provider. Access control should be set as a local file system would be, with no need for the provider to have access to the stored data. You are implementing the following measures to secure your cloud storage: Verify that security controls are the same as in a physical data center. Use data classification policies. Assign information into categories that determine storage, handling, and access requirements. Assign information classification based on information sensitivity and criticality. Which of the following is another security measure you can implement?
Dispose of data when it is no longer needed by using specialized tools.
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?
Dumpster diving
You are performing a security test from the outside on a new application that has been deployed. Which secure testing method are you MOST likely using?
Dynamic
Your organization is having a third party come in and perform an audit on the financial records. You want to ensure that the auditor has access to the data they need while keeping the customers' data secure. To accomplish this goal, you plan to implement a mask that replaces the client names and account numbers with fictional data. Which masking method are you implementing?
Dynamic
Which EAP implementation is MOST secure?
EAP-TLS
Which type of interference is caused by motors, heavy machinery, and fluorescent lights?
EMI
Which of the following mobile device management (MDM) solutions is hardware-agnostic and supports many different brands of mobile devices?
EMM
IPsec is implemented through two separate protocols. What are these protocols called? (Select two.)
ESP AH
Which of the following are advantages of virtualization? (Select two.)
Easy migration of systems to different hardware Centralized administration
Which Amazon device can be used to control smart devices (such as lights) throughout a home using voice commands?
Echo
Which of the following DLP implementations can be used to monitor and control access to physical devices on workstations or servers?
Endpoint DLP
Your organization recently purchased 18 iPad tablets for use by the organization's management team. These devices have iOS pre-installed on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the BEST approach to take to accomplish this? (Select two. Each option is part of a complete solution.)
Enroll the devices in a mobile device management (MDM) system. Configure and apply security policy settings in a mobile device management (MDM) system.
Which of the following is an exploit in which malware allows the virtual OS to interact directly with the hypervisor?
Escape
In your role as a security analyst, you ran a vulnerability scan, and several vulnerabilities were reported. Upon further inspection, none of the vulnerabilities actually existed. Which type of result is this?
False positive
Which class of wireless access point (WAP) has everything necessary to manage clients and broadcast a network already built into its functionality?
Fat
DLP can be used to identify sensitive files in a file system and then embed the organization's security policy within the file. Which of the following DLP implementations travels with sensitive data files when they are moved or copied?
File-level DLP
Which of the following processes identifies an operating system based on its response to different types of network traffic?
Fingerprinting
Which of the following enters random data to the inputs of an application?
Fuzzing
Which fuzz testing program type defines new test data based on models of the input?
Generation-based
Recently, a serious security breach occurred in your organization. An attacker was able to log in to the internal network and steal data through a VPN connection using the credentials assigned to a vice president in your organization. For security reasons, all individuals in upper management in your organization have unlisted home phone numbers and addresses. However, security camera footage from the vice president's home recorded someone rummaging through her garbage cans prior to the attack. The vice president admitted to writing her VPN login credentials on a sticky note that she subsequently threw away in her household trash. You suspect the attacker found the sticky note in the trash and used the credentials to log in to the network. You've reviewed the vice president's social media pages. You found pictures of her home posted, but you didn't notice anything in the photos that would give away her home address. She assured you that her smartphone was never misplaced prior to the attack. Which security weakness is the MOST likely cause of the security breach?
Geotagging was enabled on her smartphone.
Which TCP/IP protocol is a secure form of HTTP that uses SSL as a sub-layer for security?
HTTPS
Which of the following protocols uses port 443?
HTTPS
Which of the following is generated after a site survey and shows the Wi-Fi signal strength throughout the building?
Heat map
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?
Host-based IDS
Which of the following is a network virtualization solution provided by Microsoft?
Hyper-V
Which of the following devices is computer software, firmware, or hardware that creates and runs virtual machines?
Hypervisor
You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use?
IPS
You have been offered a position as a security analyst for Acme, Inc. The position will be remote. Acme Inc. has sent you your employment contract using a system that only allows you to open and digitally sign the contract. Which rights management method is being used?
IRM
Which type of attack is WEP extremely vulnerable to?
IV attack
The owner of a hotel has contracted with you to implement a wireless network to provide internet access for guests. The owner has asked that you implement security controls so that only paying guests are allowed to use the wireless network. She wants guests to be presented with a login page when they initially connect to the wireless network. After entering a code provided by the concierge at check-in, guests should then be allowed full access to the internet. If a user does not provide the correct code, he or she should not be allowed to access the internet. What should you do?
Implement a captive portal
Your organization allows employees to bring their own devices into work, but management is concerned that a malicious internal user could use a mobile device to conduct an insider attack. Which of the following should be implemented to help mitigate this threat?
Implement an AUP that specifies where and when mobile devices can be possessed within the organization.
Your organization uses a web server to host an e-commerce site. Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that analyzes the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them. What should you do?
Implement an application-aware IPS in front of the web server
An attacker inserts SQL database commands into a data input field of an order form used by a web-based application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user's web browser. Which practice would have prevented this exploit?
Implementing client-side validation
While using a web-based order form, an attacker enters an unusually large value in the Quantity field. The value he or she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the web application processes the order as a return instead of a purchase, and the attacker's account is credited with a large sum of money. Which practices would have prevented this exploit? (Select two.)
Implementing client-side validation Implementing server-side validation
The IT manager has tasked you with configuring Intune. You have enrolled the devices and now need to set up the Intune policies. Where would you go to set up the Intune policies?
In the Admin portal, select Policy > Add Policy.
Which of the following functions does a single quote (') perform in an SQL injection?
Indicates that data has ended and a command is beginning
Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data?
Input validation
You manage the information systems for a large manufacturing firm. Supervisory control and data acquisition (SCADA) devices are used on the manufacturing floor to manage your organization's automated factory equipment. The SCADA devices use embedded smart technology, allowing them to be managed using a mobile device app over an internet connection. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)
Install the latest firmware updates from the device manufacturer. Verify that your network's existing security infrastructure is working properly.
Which of the following tools allows the user to set security rules for an instance of an application that interacts with one organization and different security rules for an instance of the application when interacting with another organization?
Instance awareness
What is the system that connects application repositories, systems, and IT environments in a way that allows access and exchange of data over a network by multiple devices and locations called?
Integration
You notice that a growing number of devices, such as environmental control systems and wearable devices, are connecting to your network. These devices, known as smart devices, are sending and receiving data via wireless network connections. Which of the following labels applies to this growing ecosystem of smart devices?
Internet of Things (IoT)
Your organization recently purchased 20 Android tablets for use by the organization's management team. You are using a Windows domain. Which of the following should you use to push security settings to the devices?
Intune
Which of the following is the recommend Intune configuration?
Intune Standalone
Which of the following BEST describes dynamic data masking? (Select two.)
It replaces original information with a mask that mimics the original in form and function. It can be used to control which users can see the actual data.
You are the security analyst for your organization. Clients are complaining about being unable to connect to the wireless network. After looking into the issue, you have noticed short bursts of high-intensity RF signals are interfering with your wireless network's signal. Which type of attack are you most likely experiencing?
Jamming
You want to check a server for user accounts that have weak passwords. Which tool should you use?
John the Ripper
Which of the following describes a false positive when using an IPS device?
Legitimate traffic being flagged as malicious
Which of the following is a technique that disperses a workload between two or more computers or resources to achieve optimal resource utilization, throughput, or response time?
Load balancing
Which of the following do switches and wireless access points use to control access through a device?
MAC address filtering
Which step in the penetration testing life cycle is accomplished using rootkits or Trojan horse programs?
Maintain access
Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which type of attack?
Man-in-the-middle attack
Which DLP method works by replacing sensitive data with realistic fictional data?
Masking
Which of the following is a solution that pushes security policies directly to mobile devices over a network connection?
Mobile device management (MDM)
Which of the following is an advantage of software-defined networking (SDN)?
More granular control
Which of the following statements about virtual networks is true? (Select two.)
Multiple virtual networks can be associated with a single physical network adapter. A virtual network is dependent on the configuration and physical hardware of the host operating system.
The IT manager has tasked you with implementing a solution that ensures that mobile devices are up to date, have anti-malware installed, and have the latest definition updates before being allowed to connect to the network. Which of the following should you implement?
NAC
Google Cloud, Amazon Web Services (AWS), and Microsoft Azure are some of the most widely used cloud storage solutions for enterprises. Which of the following factors prompt companies to take advantage of cloud storage? (Select two.)
Need to bring costs down Growing demand for storage
You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tool should you use?
Nessus
DLP can be implemented as a software or hardware solution that analyzes traffic in an attempt to detect sensitive data that is being transmitted in violation of an organization's security policies. Which of the following DLP implementations analyzes traffic for data containing such things as financial documents, social security numbers, or key words used in proprietary intellectual property?
Network DLP
The IT manager has tasked you with installing the new wireless LAN controller (WLC). Where should you install the controller?
Network closet
You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?
Network mapper
A security administrator needs to run a vulnerability scan that analyzes a system from the perspective of a hacker attacking the organization from the outside. Which type of scan should he or she use?
Non-credentialed scan
Which of the following does the Application layer use to communicate with the Control layer?
Northbound APIs
Gathering as much personally identifiable information (PII) on a target as possible is a goal of which reconnaissance method?
OSINT
You want to implement 802.1x authentication on your wireless network. Where would you configure passwords that are used for authentication?
On a RADIUS server
Which of the following BEST describes the Platform as a Service (PaaS) cloud computing service model?
PaaS delivers everything a developer needs to build an application on the cloud infrastructure.
You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use?
Packet sniffer
You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol. Which tool should you use?
Packet sniffer
Which type of firewall protects against packets coming from certain IP addresses?
Packet-filtering
You need to implement a wireless network link between two buildings on a college campus. A wired network has already been implemented within each building. The buildings are 100 meters apart. Which type of wireless antenna should you use on each side of the link? (Select two.)
Parabolic High-gain
Which of the following types of site surveys should be performed first?
Passive
Which type of reconnaissance is dumpster diving?
Passive
Which of the following techniques involves adding random bits of data to a password before it is stored as a hash?
Password salting
Which of the following uses hacking techniques to proactively discover internal vulnerabilities?
Penetration testing
An active IDS system often performs which of the following actions? (Select two.)
Performs reverse lookups to identify an intruder. Updates filters to block suspect traffic.
Which of the following Security Orchestration, Automation, and Response (SOAR) system automation components is often used to document the processes and procedures that are to be used by a human during a manual intervention?
Playbook
As you browse the internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing?
Pop-up blocker
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to a switch that is connected to the router. When you run the software, you see frames addressed to the four workstations, but not to the router. Which feature should you configure on the switch?
Port mirroring
You want to make sure that a set of servers only accepts traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers do not accept packets sent to those services. Which tool should you use?
Port scanner
Next Tokenization is another effective tool in data loss prevention. Tokenization does which of the following? (Select two.)
Protects data on its server with authentication and authorization protocols Replaces actual data with a randomly generated alphanumeric character set
Which of the following is an advantage of a virtual browser?
Protects the host operating system from malicious downloads
You want to identify traffic that is generated and sent through a network by a specific application running on a device. Which tool should you use?
Protocol analyzer
Which of the following BEST describes a virtual desktop infrastructure (VDI)?
Provides enhanced security and better data protection because most of the data processing is provided by servers in the data center rather than on the local device.
Match each description on the left with the appropriate cloud technology on the right.
Public cloud Provides cloud services to just about anyone. Private cloud Provides cloud services to a single organization. Community cloud Allows cloud services to be shared by several organizations. Hybrid cloud Integrates one cloud service with other cloud services.
11.6.4 Poison ARP and Analyze with Wireshark You are the IT security administrator for a small corporate network. You believe a hacker has penetrated your network and is using ARP poisoning to infiltrate it. In this lab, your task is to discover whether ARP poisoning is taking place as follows: Use Wireshark to capture packets on the enp2s0 interface for five seconds. Analyze the Wireshark packets to determine whether ARP poisoning is taking place. Use the 192.168.0.2 IP address to help make your determination. Answer the questions.
Q1What is the MAC address of the first responding device? 00:00:1B:11:22:33 Q2What was the MAC address of the duplicate responding device? 00:00:1B:33:22:11 Complete this lab as follows: Use Wireshark to capture packets on enp2s0. From the Favorites bar, select Wireshark. Maximize the window for easier viewing. Under Capture, select enp2s0. From the menu bar, select the blue fin to begin a Wireshark capture. After capturing packets for five seconds, select the red box to stop the Wireshark capture. Filter for only ARP packets. In the Apply a display filter field, type arp and press Enter to only show ARP packets. In the Info column, look for the lines containing the 192.168.0.2 IP address. Answer the questions. In the top right, select Answer Questions. Answer the questions. Select Score Lab.
Which of the following protocols can TLS use for key exchange? (Select two.)
RSA Diffie-Hellman
Which of the following serves real-time applications without buffer delays?
RTOS
Which of the following password attacks uses preconfigured matrices of hashed dictionary words?
Rainbow table attack
Which phase or step of a security assessment is a passive activity?
Reconnaissance
An attacker has intercepted near-field communication (NFC) data and is using that information to masquerade as the original device. Which type of attack is being executed?
Relay
Which of the following app deployment and update methods allows an administrator to remove apps and clear all data from a device without affecting the device itself?
Remote management
Which of the following app deployment and update methods allows updates to be uploaded onto Intune where they can be pushed out to users within 24 hours?
Remote management
A smartphone was lost at the airport. There is no way to recover the device. Which of the following ensures data confidentiality on the device?
Remote wipe
Mobile application management (MAM) provides the ability to do which of the following?
Remotely install and uninstall apps.
Which of the following methods can cloud providers implement to provide high availability?
Replication
What is the storage location called that holds all the development source files that version control systems use?
Repository
You are the IT security administrator for a small corporate network. You need to use a vulnerability scanner to check for security issues on your Linux computers. In this lab, your task is to: Use the Security Evaluator to check the security:On the Linux computer with the 192.168.0.45 IP address.On the Linux computers in the IP address range of 192.168.0.60 through 192.168.0.69 Answer the questions.
Required Actions & Questions Run a Security Evaluator report for 192.168.0.45 Q1For the Linux computer with the 192.168.0.45 address, which security vulnerability passed?Your answer: root - Password Does Not ExpireCorrect answer: root - Password Does Not Expire Run a Security Evaluator report for the IP address range of 192.168.0.60 through 192.168.0.69 Q2Which IP addresses in the 192.168.0.60 through 192.168.0.69 range had issues that needed to be resolved?Your answer: 192.168.0.65, 192.168.0.68Correct answer: 192.168.0.65, 192.168.0.68 Q3For the Linux computer with the 192.168.0.65 address, what is the name of the vulnerability that only has a warning?Your answer: backup - Password Does Not ExpireCorrect answer: backup - Password Does Not Expire
11.4.10 Scan for IoT Vulnerabilities You are the IT security administrator for a small corporate network. You have some security issues on a few Internet of Things (IoT) devices. You have decided to use the Security Evaluator to find these problems. In this lab, your task is to use the Security Evaluator to: Find a device using the IP address of 192.168.0.54. Find all devices using an IP address in the range of 192.168.0.60 through 192.168.0.69. Answer the questions.
Required Actions & Questions Scan 192.168.0.54 Q1What is the name of the IoT device with the IP address of 192.168.0.54?Your answer: Wireless ThermostatCorrect answer: Wireless Thermostat Q2How many issues exist for the device with the IP address of 192.168.0.54?Your answer: 3Correct answer: 3 Search for issues using IP range Q3In the IP address range of 192.168.0.60 through 192.168.0.69, which IP addresses had issues?Your answer: 192.168.0.66Correct answer: 192.168.0.66
Which of the following is the first step in the Waterfall application development model?
Requirements
Which of the following is considered a drawback of the Waterfall application development life cycle?
Requirements are determined at the beginning and are carried through to the end product.
Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day, you find that an employee has connected a wireless access point to the network in his office. Which type of security risk is this?
Rogue access point
You are the IT security administrator for a small corporate network. You are performing vulnerability scans on your network. Use the Security Evaluator tool to run a vulnerability scan on the CorpDC domain controller. In this lab, your task is to: Run a vulnerability scan for the CorpDC domain controller using the Security Evaluator on the taskbar. Remediate the vulnerabilities in the Default Domain Policy using Group Policy Management on CorpDC. Re-run a vulnerability scan to make sure all of the issues are resolved.
Run a Security Evaluator report.From the taskbar, open Security Evaluator.Next to Target: Local Machine, select the Target icon to select a target.Select Domain Controller.Using the Domain Controller drop-down list, select CorpDC as the target.Select OK.Next to Status: No Results, select the Status Run/Rerun Security Evaluation icon.Review the results to determine which issues you need to resolve on CorpDC. Access the CorpDC server.From the top navigation tabs, select Floor 1.Under Networking Closet, select CorpDC.If you need to return to the ITAdmin computer to review the Security Evaluator results:From the top navigation tabs, select Floor 1.Under IT Administration, select ITAdmin. Access and edit the CorpNet.local Default Domain Policy.From Server Manager, select Tools > Group Policy Management.Maximize the window for easier viewing.Expand Forest: CorpNet.local > Domains >CorpNet.local.Right-click Default Domain Policy and then select Edit.Maximize the window for easier viewing. Remediate the password policy issues in Account Policies.Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Account Policies.From the left pane, select Password Policy.From the right pane, double-click the policy.Select Define this policy setting.Enter the password setting and then select OK.Repeat steps 4c-4e for each additional password policy. Remediate the reset account lockout counter issue in Account Policies.From the left pane, select Account Lockout Policy.From the right pane, double-click Reset account lockout counter after.Select Define this policy setting.Enter 60 minutes and then select OK. Remediate the Event Log issues.From the left pane, select Event Log.From the right pane, double-click the policy.Select Define this policy setting.Select Do not overwrite events (clear log manually) and then select OK.Repeat steps 6b-6d for each additional Event Log policy. Remediate System Services issues.From the left pane, select System Services.From the right pane, double-click the policy.Select Define this policy setting.Make sure Disabled is selected and then select OK.Repeat steps 7b-7d for the remaining System Services policy. Verify that all the issues were resolved using the Security Evaluator feature on the ITAdmin computer.From the top navigation tabs, select Floor 1.Under IT Administration, select ITAdmin.From Security Evaluator, select the Status Run/Rerun Security Evaluation icon to rerun the security evaluation.If you still see unresolved issues, select Floor 1, navigate to CorpDC, and remediate any remaining issues.
You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware might be installed while users browse websites, which could compromise your system or pose a confidentiality risk. Which of the following actions would BEST protect your system?
Run the browser within a virtual environment.
You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?
Run the vulnerability assessment again.
Which of the following devices are special computer systems that gather, analyze, and manage automated factory equipment?
SCADA
What is a set of software development tools called that can be installed as one unit and provides code frameworks or code snippets to help development go faster?
SDK
Which of the following is a disadvantage of software defined networking (SDN)?
SDN standards are still being developed.
You are the security administrator for your organization. You have implemented a cloud service to provide features such as authentication, anti-malware, intrusion detection, and penetration testing. Which cloud service have you most likely implemented?
SECaaS
As a network administrator, you are asked to recommend a secure method for transferring data between hosts on a network. Which of the following protocols would you recommend? (Select two.)
SFTP SCP
Which type of wireless access point is generally used in a residential setting?
SOHO
You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?
SQL injection
SFTP uses which mechanism to provide security for authentication and data transfer?
SSH
Which of the following is used on a wireless network to identify the network name?
SSID
You have physically added a wireless access point to your network and installed a wireless networking card in two laptops that run Windows. Neither laptop can find the network. You have come to the conclusion that you must manually configure the access point (AP). Which of the following values uniquely identifies the network AP?
SSID
Which of the following cloud computing solutions delivers software applications to a client either over the internet or on a local area network?
SaaS
What is isolating a virtual machine from the physical network to allow testing to be performed without impacting the production environment called?
Sandboxing
Which of the following is a very detailed document that defines exactly what is going to be included in the penetration test?
Scope of work
Which of the following mobile device security considerations disables the ability to use the device after a short period of inactivity?
Screen lock
Which of the following is a network security service that filters malware from user-side internet connections using different techniques?
Secure web gateway
Which of the following roles would be MOST likely to use a protocol analyzer to identify frames that might cause errors?
Security operations team
Which of the following tools can be used to see if a target has any online IoT devices without proper security?
Shodan
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database?
Signature-based IDS
Which of the following do Raspberry Pi systems make use of?
SoC
Carl received a phone call from a woman who states that she is calling from his bank. She tells him that someone has tried to access his checking account, and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password. Which of the following types of non-technical password attack has occurred?
Social engineering
Network engineers have the option of using software to configure and control the network rather than relying on individual static configuration files that are located on each network device. Which of the following is a relatively new technology that allows network and security professionals to use software to manage, control, and make changes to a network?
Software-defined networking (SDN)
11.7.7 Crack a Password with John the Ripper You are the IT security administrator for a small corporate network. You've received a zip file that contains sensitive password-protected files. You need to access these files. The zip file is located in the home directory. In this lab, your task is to use John the Ripper to: Crack the root password on the Linux computer named Support. Crack the password of the protected.zip file located in the home directory on IT-Laptop. After John the Ripper cracks the password, it won't crack it again. The results are stored in the john.pot file.
Solution 1. Crack the root password on Support as follows: a. From the Favorites bar, open Terminal. b. At the prompt, type cd /usr/share/john and press Enter to change directories to the folder containing the John the Ripper password file. c. Type ls and press Enter to list the files in the directory. d. Type cat password.lst and press Enter to view the password list. This is an abbreviated list. e. Type cd and press Enter to go back to root. f. Type john /etc/shadow and press Enter to crack the Linux passwords. Notice that the root password of 1worm4b8 was cracked. g. Type john /etc/shadow and press Enter to attempt to crack the Linux passwords again. Notice that it does not attempt to crack the password again. The cracked password is already stored in the john.pot file. h. Type cat ./.john/john.pot and press Enter to view the contents of the john.pot file. i. Type john /etc/shadow --show and press Enter as an alternate method of viewing the previously cracked password. j. In the top right, select Answer Questions. k. In Terminal, find the root password and answer the question. 2. Crack the password of the protected.zip file as follows: a. From the top navigation tabs, select Floor 1 Overview. b. Under IT Administration, select IT-Laptop. c. From the Favorites bar, open Terminal. d. At the prompt, type ls and press Enter to view the contents of the home directory. Notice the protected.zip file you wish to crack. e. Type zip2john protected.zip > ziphash.txt and press Enter to copy the hashes to a text file. f. Type cat ziphash.txt and press Enter to confirm that the hashes have been copied. g. Type john --format=pkzip ziphash.txt and press Enter to crack the password. Notice that the password of p@ssw0rd was cracked.h. Type john ziphash.txt --show and press Enter to show the password. i. In the top right, select Answer Questions. j. In Terminal, find the password for the file and answer the question. k. Select Score Lab.Question 1: 1worm4b8Question 2: p@ssw0rd
11.6.6 Poison DNS You are the IT security administrator for a small corporate network. You want to spoof the DNS to redirect traffic as part of a man-in-the-middle attack. In this lab, your task is to: (Optional) From the Exec computer, access rmksupplies.com and verify that site can be accessed. From the Linux Support computer, use Ettercap to begin sniffing and scanning for hosts. Configure the Exec computer (192.168.0.30) as the target 1 machine. Initiate DNS spoofing. From the Exec computer, access rmksupplies.com and verify that it has been redirected to a different site.
Solution 1. Use Ettercap to begin sniffing and scanning for hosts as follows: a. From the Favorites bar, open Ettercap. b. Select Sniff. c. Select Unified sniffing. d. From the Network Interface drop-down list, select enp2s0. e. Select OK. f. Select Hosts and select Scan for hosts2. Set Exec (192.168.0.30) as the target machine as follows: a. Select Hosts and select Host list. b. Under IP Address, select 192.168.0.30. c. Select Add to Target 1 to assign it as the target. 3. Initiate DNS spoofing as follows: a. Select Plugins. b. Select Manage the plugins. c. Select the Plugins tab. d. Double-click dns_spoof to activate it. e. Select Mitm. f. Select ARP poisoning. g. Select Sniff remote connections. h. Select OK. 4. From Exec, access rmksupplies.com as follows: a. From the top navigation tabs, select Floor 1 Overview. b. Under Executive Office, select Exec. c. From the task bar, open Chrome. d. In the URL field, type rmksupplies.com and press Enter. Notice that the page was redirected to RUS Office Supplies despite the web address not changing.
Which of the following best describes shoulder surfing?
Someone nearby watching you enter your password on your computer and recording it.
Which APIs do individual networking devices use to communicate with the control plane from the Physical layer?
Southbound
A router on the border of your network detects a packet with a source address that is from an internal client, but the packet was received on the internet-facing interface. This is an example of which form of attack?
Spoofing
Which type of activity changes or falsifies information in order to mislead or re-direct traffic?
Spoofing
Software defined networking (SDN) uses a controller to manage devices. The controller is able to inventory hardware components on the network, gather network statistics, make routing decisions based on gathered data, and facilitate communication between devices from different vendors. It can also be used to make widespread configuration changes on just one device. Which of the following best describes an SDN controller?
THE SDN controller is software.
Which of the following protocols are often added to other protocols to provide secure transmission of data? (Select two.)
TLS SSL
8.3.7 You are a network technician for a small corporate network. You would like to enable Wireless Intrusion Prevention on the wireless controller. You are already logged in as WxAdmin. Access the Wireless Controller console through Chrome on http://192.168.0.6. In this lab, your task is to: Configure the wireless controller to protect against denial-of-service (DOS) attacks as follows: Protect against excessive wireless requests. Block clients with repeated authentication failures for two minutes (120 seconds). Configure Intrusion Detection and Prevention as follows: Report all rogue devices regardless of type. Protect the network from rogue access points. Enable Rogue DHCP Server Detection.
Task SummaryConfigure Denial of Service protection Hide DetailsProtect against excessive wireless requestsBlock clients with repeated authentication failuresBlock clients for two minutes (120 seconds)Enable Wireless Intrusion Protection Hide DetailsEnable Rogue Device ReportingReport all rogue devices regardless of typeProtect the network from rogue access pointsEnable Rogue DHCP Server DetectionExplanationIn this lab, you perform the following tasks:• Configure the wireless controller to protect against denial of service (DOS) attacks as follows:o Protect against excessive wireless requests.o Block clients with repeated authentication failures for two minutes (120 seconds).• Configure Intrusion Detection and Prevention as follows:o Report all rogue devices regardless of type.o Protect the network from rogue access points.• Enable rogue DHCP server detection.Enable Wireless Intrusion Prevention on the wireless controller as follows:1. Select the Configure tab.2. From the left menu, select WIPS.3. Configure Denial of Service protection as follows:a. Select Protect my wireless network against excessive wireless requests.b. Select Temporarily block wireless clients with repeated authentication failures.c. Enter the threshold in seconds.d. On the right, click Apply.4. Configure Intrusion Detection and Prevention as follows:a. Select Enable report rogue devices.b. Select Report all rogue devices.c. Select Protect the network from malicious rogue access points.d. On the right, click Apply.5. Select Enable rogue DHCP server detection; then click Apply.
10.4.12 Implement Data Execution Preventions You work as the IT security administrator for a small corporate network. You are configuring the computer in Office 1 to use Data Execution Prevention (DEP) for all programs and services. You have noticed that the accounting program used on some computers does not function well when DEP is enabled. In this lab, your task is to configure DEP as follows: Enable DEP for all files. Disable DEP for C:\Program Files (x86)\AccountWizard\AccountWizard.exe. Restart the computer to activate DEP.
Task SummaryEnable DEP for all programs and servicesAdd AccountWizard as an execption for DEPRestart the computer to activate DEPExplanationIn this lab, you perform the following tasks:• Enable DEP for all files.• Disable DEP for C:\Program Files\AccountWizard\AccountWizard.exe.• Restart the computer to activate DEP.Enable DEP in Advanced System Properties as follows:1. Right-click Start and select System.2. On the left, select Advanced System Settings.3. Under Performance, select Settings.4. Select the Data Execution Prevention tab.5. Select Turn on DEP for all programs and services except those I select.6. Select Add.7. Browse to C:\Program Files\AccountWizard.8. Select AccountWizard.exe.9. Select Open.10. Make sure the program that you added is selected; then click OK.11. Click OK to confirm that a system restart is needed.12. Click OK to close System Properties.13. Click Restart Now to restart the computer and activate DEP.
Which of the following tools allow remote management of servers? (Select two.)
Telnet SSH
What is the primary purpose of penetration testing?
Test the effectiveness of your security perimeter.
If a user's BYOD device (such as a tablet or phone) is infected with malware, that malware can be spread if that user connects to your organization's network. One way to prevent this event is to use a Network Access Control (NAC) system. How does an NAC protect your network from being infected by a BYOD device?
The NAC remediates devices before allowing them to connect to your network.
When using SSL authentication, what does the client verify first when checking a server's identity?
The current date and time must fall within the server's certificate-validity period.
Which of the following describes the worst possible action by an IDS?
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.
The IT manager has tasked you with installing new physical machines. These computer systems are barebone systems that simply establish a remote connection to the data center to run the user's virtualized desktop. Which type of deployment model is being used?
Thin client
Drag the software defined networking (SDN) layer on the left to the appropriate function on the right. (Each SDN layer may be used once, more than once, or not at all.)
This layer receives its requests from the Application layer. Control layer This layer is also known as the Infrastructure layer. Physical layer This layer communicates with the Control layer through what is called the northbound interface. Application layer This layer provides the Physical layer with configuration and instructions. Control layer On this layer, individual networking devices use southbound APIs to communicate with the control plane. Physical layer
In your role as a security analyst, you need to stay up to date on the latest threats. You are currently reviewing the latest real-time updates on cyberthreats from across the world. Which of the following resources are you MOST likely using?
Threat feeds
Mobile device management (MDM) provides the ability to do which of the following?
Track the device.
A user named Bob Smith has been assigned a new desktop workstation to complete his day-to-day work. When provisioning Bob's user account in your organization's domain, you assigned an account name of BSmith with an initial password of bw2Fs3d. On first login, Bob is prompted to change his password. He changes it to the name of his dog, Fido. What should you do to increase the security of Bob's account? (Select two.)
Train users not to use passwords that are easy to guess. Use Group Policy to require strong passwords on user accounts.
Which type of hypervisor runs as an application on the host machine?
Type 2
Which of the following mobile device management (MDM) solutions allows an organization to manage all devices, including printers, workstations, and even IoT devices?
UEM
What is the limit of virtual machines that can be connected to a virtual network?
Unlimited
Next Which formula is used to determine a cloud provider's availability percentage?
Uptime/uptime + downtime
What is a virtual LAN that runs on top of a physical LAN called?
VAN
Which of the following virtual devices provides packet filtering and monitoring?
VFA
Which of the following is an example of protocol-based network virtualization?
VLAN
Which of the following is used as a secure tunnel to connect two networks?
VPN
You manage information systems for a large co-location data center. Networked environmental controls are used to manage the temperature within the data center. These controls use embedded smart technology that allows them to be managed over an internet connection using a mobile device app. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)
Verify that your network's existing security infrastructure is working properly. Install the latest firmware updates from the device manufacturer.
Which of the following best describes Bluesnarfing?
Viewing calendar, emails, and messages on a mobile device without authorization
Which of the following devices facilitates communication between different virtual machines by checking data packets before moving them to a destination?
Virtual switch
Which of the following lets you make phone calls over a packet-switched network?
VoIP
You want to be able to identify the services running on a set of servers on your network. Which tool would BEST give you the information you need?
Vulnerability scanner
You need to implement a solution to manage multiple access points in your organization. Which of the following would you most likely use?
WLC
You need to add security for your wireless network, and you would like to use the most secure method. Which method should you implement?
WPA2
The process of walking around an office building with an 802.11 signal detector is known as:
War driving
You have been promoted to team lead of one of the security operations teams. Which security team are you now a part of?
White
You have been hired to perform a penetration test for an organization. You are given full knowledge of the network before the test begins. Which type of penetration test are you performing?
White box
Which of the following devices would you use to perform a site survey?
Wi-Fi analyzer
Which of the following is responsible for broadcasting information and data over radio waves?
Wireless access point
You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?
Wireshark
Which load balancing method distributes a workload across multiple computers?
Workload balancing
Which of the following is an attack that injects malicious scripts into web pages to redirect users to fake websites to gather personal information?
XSS
Which of the following tools can be used to view and modify DNS server information in Linux?
dig
You need to enumerate the devices on your network and display the network's configuration details. Which of the following utilities should you use?
nmap
You need to check network connectivity from your computer to a remote computer. Which of the following tools would be the BEST option to use?
ping
Which passive reconnaissance tool is used to gather information from a variety of public sources?
theHarvester